Hi Thorsten and list, Thorsten Trottier <thorsten.trottier@googlemail.com> writes:
I’m not a friend of NAT as well, but demonize NAT for any actions is a kind of overdo, isn’t it. We are living with NAT a long time now for better or for worse.
first off: NAT and NAT64 are two rather different concepts. NAT translates addresses and ports, but NAT64 translates between address/protocol families.
A customer of mine (enterprise customer with hundreds of sites and thousands of employees) has setup his IPv6 project more than 4 years ago and plans to be finished 2020. [...]
That's a different scenario than the one Christian talked about, which was more centered around an AD setup. But anyways: Why didn't you do the updates and made the servers dual-stacked? If they are too old to support IPv6, then at least from my experience they are in dire need of an update---or usually a replacement---anyway. I understand that using the NAT64 setup buys you some time at least on some accounts, but from my experience there is pretty much always some sort of stuff that doesn't work with NAT64 at least in enterprise environments. And actually finding these things beforehand is quite some job, so I'd generally consider this move something of a desperate gamble: Don't properly test because you *really* need a quick kludge, and hope no major functionalities get affected. Cheers, Benedikt PS: \begin{ObNATBashing} Anyone who thinks that NAT is no problem should be forced to implement STUN on any low end SIP phone first and made to deal with the legal fallout whenever an emergency call didn't work due to STUN problems second. \end{ObNATBashing} -- Benedikt Stockebrand, Stepladder IT Training+Consulting Dipl.-Inform. http://www.stepladder-it.com/ Business Grade IPv6 --- Consulting, Training, Projects BIVBlog---Benedikt's IT Video Blog: http://www.stepladder-it.com/bivblog/